Security concerns of wireless networks such as WLANs (Wireless Local Area Networks) and WMANs (Wireless Metropolitan Access Networks) are more serious than those of wired Ethernet networks. RFID (Radio-frequency identification) faces the same challenges. Identity authentication and permission authorization between the reader-writer and the electronic tag must be effectively dealt with prior to secure communication. Among all the wireless networks, electronic tags have the most complicated security matter, because of their huge differences in performances and functions, and the difficulties to normalize their product forms and application requirements. As a result, security strategies must be tailored to each type of electronic tag and its particular application mode.
Generally, according to their application situations and environments, electronic tags can be classified as: 1) high-grade electronic tags, readable and writable, having a certain amount of memory space, and capable of data processing and computing; 2) middle-grade electronic tags, with a performance slightly poorer than the high-grade ones and similar functions; 3) low-grade electronic tags, only for recording some data information and supporting information to be read from or write to by a reader-writer, and generally incapable of data processing and computing.
For electronic tags with a high performance and certain computing and processing capabilities, existing secure access protocols for wireless networks can be used or adopted in the two-way authentication and permission authorization between the electronic tag and the reader-writer, for example, WAPI (WLAN Authentication and Privacy Infrastructure). However, for electronic tags with a low performance, existing protocols are not supported, and a new security protocol is to be developed for their security.
Particularly, for ISO (International Organization for Standardization) 18000-6 type A and ISO 18000-6 type B electronic tags, which have poor computing and processing performances, conventional public-key based security protocols are not applicable. However, studies have shown that these types of electronic tags can fully support pre-shared key based security protocols. Therefore, pre-shared key based security protocols are an effective solution to the security of 18000-6 type A and ISO 18000-6 type B electronic tags.
Moreover, it should be noted that, in its field of application, the ID (identity) of an electronic tag normally indicates a business secret, e.g. price or place of origin of a product; hence, we must maintain its secrecy during authentication. In order to avoid ID leaks and subsequent attacks, a publicable temporary identity replacing the ID itself is used in the protocol. For security sake, an electronic tag may have different temporary identities in different authentication processes.
Some pre-shared key based two-way authentication protocols have been proposed in the art. However, those protocols have security problems and cannot achieve the purpose of security authentication. Specifically, the security problems of existing protocols include:
1. Shared-key updating brings security risks. Because the security of the shared-key is the foundation of a pre-shared key based security protocol, the shared-key is normally written in a reliable and manual manner; and dynamically updating it in the protocol will inevitably introduce unsafe or unreliable matters, hence deteriorating the security of the system.
2. Frequent shared-key writing causes the system to lose a lot energy, which may further deteriorates the usability of the electronic tag, as its performance is sensitive to the energy.
3. CRC (Cyclic Redundancy Check) is used for integrity check of messages of the protocol, and calculation of integrity check codes does not involve any secret information shared between both parties of the communication and cannot defend against active attacks.
4. Shared key updating does not have forward secrecy. If the attacker cracks one of the updated keys, he will be able to calculate all the shared keys negotiated in the future.
5. Shared key updating does not have backward secrecy. If the attacker cracks one of the updated keys, he will be able to calculate all the shared keys negotiated in the past.
6. Both parties of the protocol must store each calculation of message integrity check information, which raises the burden on system storage.
Due to the foregoing concerns, a new pre-shared key based two-way anonymous authentication protocol for two-way authentication and permission authorization between the electronic tag and the reader-writer is desired, to guarantee the security of data information of these types of electronic tags.